Design Simulation Systems Ltd


You've just seen a password being entered, by someone, who's been phished into accessing a credentials-theft site, which has reproduced our challenge screen. To make things worse, the user's PC is riddled with malware, and the hacker is monitoring the network link.

Two Questions:

1. What was the password?
2. How long was the password?

If your answer contains any of the letters obscured by each click, you're wrong.
If you think the password contained 6 characters, you're wrong.

Another Question:

3. Do you remember the order of the clicks?

Sorry, but that won't do you any good either, as it'll be different next time

Last Question:

4. Was the password sent off to be authenticated, or authenticated in the device?

Neither. The actual password is never sent anywhere, or it might be intercepted. It isn't authenticated at the device, in case that gets stolen.
The screen-scraper malware saw no text in the frame buffer. It doesn't know the password
The resident key-logger malware on the device saw what you saw. There were no keystrokes, so it doesn't know the password either
That, together with the other two factors, makes DSS Enterprise the world's most hackproof authentication, authorisation and access system.
Find out more

DSS Enterprise. The Cybersecurity Authentication Solution

During the current pandemic, we'll give our system for free to any organisation that needs it

  • Authentication, Access Control, Authorisation
  • Self-hosted identity-as-a-service
  • Central control with user self-service
  • Installs out-of-the-box in under an hour
  • Configures on your smartphone
  • Easy migration from legacy systems
  • Keyboardless password entry
  • Immune to brute-force login scripts
  • No learning-curve burden on users
  • Users can keep their original passwords
  • Frictionless Two or Three Factor Authentication
  • No SMS, no tokens, no typing, no biometrics
  • 2-Tier single sign-on session protection

Authentication, Access, Authorisation

Authentication begins when your device connects to the authentication server.
The device's unique signature is checked against those registered to you, and is the second factor of the authentication - which also permits Single Sign-On to multiple applications.
This process is totally transparent. We don't query the device, or install cookies or client software on it.
Your password data is protected by strong encryption, and the most secure and effective encryption key management system you've ever seen. Even the root user neither knows nor can access the encryption key, and even he can't access any user's password.
Unlike freebies like Radius, you can install it in 5 minutes, configure it using your smartphone and, unlike SAML-based systems, you can connect a browser or smartphone to it, with 2 lines of HTML.
Find out More

User Self-Service for Most Tasks

Users have no need for admin privilege to set most of their profile parameters.
Not even the administrator knows or can access a user's password, so only the user can set/reset it. Users can also register as many devices as they need and deregister devices no longer needed or obsolete.
Find out More

Try our interactive SSO demo

Croesus & Midas sell diamonds. The diamonds are sold from four different stores, each of which only sells one colour

The four stores sell Red, Green, Blue and White diamonds respectively.

To make things easy for their many customers, Croesus & Midas permit a single password to give access to more than one store.

The ID's of users authorised to access the diamond stores, together with their passwords, and instructions on how to run the demo can be found here

Find out more

Secure Data At Rest with Virtual Key Encryption

Even though the confidential user details and password data in your database might all be encrypted, the Enemy Within knows the location of the encryption keys and can steal the database, decrypt the data, and publish it on the internet.
Not with DSS Enterprise. Once the virtual keys are set, not even we can access them. Even though the root user can change the keys, he's never told their value.
Find out more

IPS with Automated Detection Investigation and Response

If there's an intrusion attempt, you don't want to see flashing lights, email messages or hear alarm bells. You want it stopped. Instead of trawling through blacklists and whitelists - which need to be updated every 24 hours - it makes a lot more sense to analyse the query, block the IP address, and notify the domain owner, so the account can be cancelled.
Our IDS/IPS, has successfully defeated every single hack attempt for the last 10 years and, by reporting the IP addresses to their ISP's, has helped to remove over 136,000 of these parasites from the internet - and counting...
Rather than throw away the hackers' efforts, we treated them as donations, and saved over 10000 hack queries, ranging from SQL injection, to dumb PHP and WordPress hacks, to attempted bash exploits. You can download these files to create pen-testing scripts.
You can also see a (live) chart of incoming defeated hack attempts by clicking on "Hackers' Graveyard Graph" but, if your website is running on a Sun server, we'll give you the executable for free. If you're not running on Sun, we're willing to discuss a cooperative effort to port the source code to other platforms.
Hackers' Graveyard Graph Download the hack queries

Unix, Oracle and Security

We include here, a pot-pourri of Unix articles, with a leaning towards database and security applications. If you're not that good a programmer, they'll either help, or put you off, for good... Read 'Real Programmers' to see if you qualify or, if you're not a programmer, try 'WordImperfect'
Find out More

Powerpoint Presentation for Management

Blog: Random Ramblings On System Security

Blog: Identity As What Service?

Blog: The Choice of a Second Authentication Factor?

Blog: The Choice of a Third Authentication Factor?

What next?
I need more technical information
I need pricing information
I'd like a free 3-month trial

Still interested in the legacy analog simulation stuff?

Copyright © 1999-2017 Design Simulation Systems

All rights reserved for their respective owners.